If the recent cyberattack on one of Tokio Marine Group's companies, Tokio Marine Insurance Singapore Ltd (TMIS), is not enough to convince you about the dangers of cyberattacks, the finance sector has enough evidence emphasizing that cyberattacks on financial institutions would become “inevitable” in the future.
The COVID-19 pandemic prompted financial organizations to go digital, focusing on securing cloud environments and using solutions like SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service), and IaaS (Infrastructure-as-a-Service). Unfortunately, cybercriminals are taking advantage of these digital trends.
IBM's X-Force Threat Intelligence Index revealed that 23% of cyberattacks are directed at financial institutions. The total cost of a single data breach involving a financial institution is the second largest among all industries – costing $5.72 million on average.
Another IBM study, “Cost of Data Breach Report 2020,” showed that 53% of data breaches are financially motivated, which explains why financial institutions are constantly on the cybercrime radar. In other sectors, malicious users focus on social engineering, credential stuffing, and application vulnerabilities. Meanwhile, in the finance sector, malicious users primarily compromise internal corporate networks.
“Organizations have to strictly authenticate both external and internal users to protect their corporate systems. Financial institutions suffer from internal actors who know the banking system's inner workings, and state-backed hackers often target them. While cybersecurity automation today cannot guarantee holding off attackers, a reduced surface area can greatly lower the risk,” said Juta Gurinaviciute, the chief technology officer at NordVPN Teams.
Gurinaviciute reminded financial institutions to establish secure connections for employees and contractors to reach essential assets, minimizing the cyberattack surface area. However, she warned that unconditional trust can be harmful if malicious users compromise the connection.
“Today's authentication is based on a Zero Trust model, meaning that employees and contractors can only access limited resources for a defined period. Even if their connection is compromised in a supply chain attack, hackers won't do much harm as they won't reach the rest of the internal network,” Gurinaviciute added.
According to Gurinaviciute, organizations can also implement an additional security layer that filters the end-point devices and apps based on their IP address. For example, IP whitelisting (also known as the allow list) allows admins to create a set of trusted employee and third-party devices, providing access to the corporate network while complicating the onset of a cyberattack and limiting its surface area.
Companies can also remain resilient by implementing third-party solutions with a centralized control panel for an efficient addition of new devices and applications.